BR112015031853A2 - Process authentication and resource permissions - Google Patents
Process authentication and resource permissions
- Publication number
- BR112015031853A2
- Authority
- BR
- Brazil
- Prior art keywords
- permissions
- metadata
- operating
- digital signature
- binary file
- Prior art date
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communication including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communication including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/51—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/53—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/083—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2113—Multi-level security, e.g. mandatory access control
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2145—Inheriting rights or properties, e.g., propagation of permissions or restrictions within a hierarchy
Abstract
The present invention relates to techniques and systems described herein that present various implementations of a model for authenticating processes for execution and for specifying and enforcing permission restrictions on system resources for processes and users. In some implementations, a binary file for an application, program or process may be augmented to include a digital signature encrypted with a key, so that an operating system can subsequently authenticate the digital signature. Once the binary file has been authenticated, the operating system may create a process and tag the process with metadata indicating the type of permissions that are allowed for the process. The metadata may correspond to a particular access level for specifying the resource permissions.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US13/925,703 US9515832B2 (en) | 2013-06-24 | 2013-06-24 | Process authentication and resource permissions |
PCT/US2013/061080 WO2014209416A1 (en) | 2013-06-24 | 2013-09-21 | Process authentication and resource permissions |
Publications (2)
Publication Number | Publication Date |
---|---|
BR112015031853A2 (pt) | 2017-07-25 |
BR112015031853A8 (pt) | 2019-12-31 |
Family
ID=49293916
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
BR112015031853A BR112015031853A8 (pt) | 2013-06-24 | 2013-09-21 | System, method and computer-readable storage device for granting process access to a system resource |
Country Status (7)
Country | Link |
---|---|
US (1) | US9515832B2 (pt) |
EP (1) | EP3014511A1 (pt) |
JP (1) | JP6286034B2 (pt) |
CN (1) | CN105408912B (pt) |
BR (1) | BR112015031853A8 (pt) |
RU (1) | RU2637878C2 (pt) |
WO (1) | WO2014209416A1 (pt) |
Families Citing this family (20)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9537892B2 (en) | 2012-12-20 | 2017-01-03 | Bank Of America Corporation | Facilitating separation-of-duties when provisioning access rights in a computing system |
US9639594B2 (en) | 2012-12-20 | 2017-05-02 | Bank Of America Corporation | Common data model for identity access management data |
US9542433B2 (en) | 2012-12-20 | 2017-01-10 | Bank Of America Corporation | Quality assurance checks of access rights in a computing system |
US9489390B2 (en) | 2012-12-20 | 2016-11-08 | Bank Of America Corporation | Reconciling access rights at IAM system implementing IAM data model |
US9189644B2 (en) | 2012-12-20 | 2015-11-17 | Bank Of America Corporation | Access requests at IAM system implementing IAM data model |
US9529629B2 (en) | 2012-12-20 | 2016-12-27 | Bank Of America Corporation | Computing resource inventory system |
US9483488B2 (en) | 2012-12-20 | 2016-11-01 | Bank Of America Corporation | Verifying separation-of-duties at IAM system implementing IAM data model |
US9477838B2 (en) | 2012-12-20 | 2016-10-25 | Bank Of America Corporation | Reconciliation of access rights in a computing system |
US9495380B2 (en) | 2012-12-20 | 2016-11-15 | Bank Of America Corporation | Access reviews at IAM system implementing IAM data model |
US9407638B2 (en) | 2013-08-26 | 2016-08-02 | The Boeing Company | System and method for trusted mobile communications |
US9344439B2 (en) * | 2014-01-20 | 2016-05-17 | The Boeing Company | Executing unprotected mode services in a protected mode environment |
KR101671989B1 (ko) * | 2014-02-10 | 2016-11-03 | 한국전자통신연구원 | Apparatus and method for providing a digital signature |
US10776457B1 (en) * | 2014-07-22 | 2020-09-15 | Epic Games, Inc. | System and method for preventing execution of unauthorized code |
CN105404819A (zh) * | 2014-09-10 | 2016-03-16 | 华为技术有限公司 | Data access control method, apparatus and terminal |
US10049218B2 (en) | 2016-12-07 | 2018-08-14 | Google Llc | Rollback resistant security |
US10432407B2 (en) * | 2016-12-19 | 2019-10-01 | Arris Enterprises Llc | Secure provisioning of unique time-limited certificates to virtual application instances in dynamic and elastic systems |
EP3376464A1 (en) * | 2017-03-14 | 2018-09-19 | Electronics and Telecommunications Research Institute | Trust-based resource sharing method and system |
US10572680B2 (en) * | 2017-03-21 | 2020-02-25 | Microsoft Technology Licensing, Llc | Automated personalized out-of-the-box and ongoing in-application settings |
WO2020081077A1 (en) * | 2018-10-18 | 2020-04-23 | Hewlett-Packard Development Company, L.P. | Creating statistical analyses of data for transmission to servers |
US10812272B1 (en) | 2020-01-13 | 2020-10-20 | Cyberark Software Ltd. | Identifying computing processes on automation servers |
Family Cites Families (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6023765A (en) * | 1996-12-06 | 2000-02-08 | The United States Of America As Represented By The Secretary Of Commerce | Implementation of role-based access control in multi-level secure systems |
US6289462B1 (en) * | 1998-09-28 | 2001-09-11 | Argus Systems Group, Inc. | Trusted compartmentalized computer operating system |
US6981281B1 (en) | 2000-06-21 | 2005-12-27 | Microsoft Corporation | Filtering a permission set using permission requests associated with a code assembly |
EP2306259B1 (en) | 2000-09-21 | 2015-05-27 | BlackBerry Limited | Software code signing system and method |
EP1225512A1 (en) | 2001-01-19 | 2002-07-24 | Eyal Dotan | Method for protecting computer programs and data from hostile code |
FR2901038A1 (fr) * | 2006-05-15 | 2007-11-16 | France Telecom | Method and device for secure configuration of a terminal by means of a boot data storage device |
US8381306B2 (en) | 2006-05-30 | 2013-02-19 | Microsoft Corporation | Translating role-based access control policy to resource authorization policy |
US8117441B2 (en) | 2006-06-20 | 2012-02-14 | Microsoft Corporation | Integrating security protection tools with computer device integrity and privacy policy |
CN101231712A (zh) * | 2007-01-23 | 2008-07-30 | 上海宝信软件股份有限公司 | Business authorization model and method for setting it in specific business applications |
US8196184B2 (en) * | 2007-02-16 | 2012-06-05 | Microsoft Corporation | Efficient data structures for multi-dimensional security |
US8433927B2 (en) | 2007-05-29 | 2013-04-30 | International Business Machines Corporation | Cryptographically-enabled privileged mode execution |
JP5043786B2 (ja) * | 2008-09-10 | 2012-10-10 | Kddi株式会社 | Access control system and access control method |
US8973158B2 (en) | 2011-07-20 | 2015-03-03 | Microsoft Technology Licensing Llc | Trust level activation |
US8832447B2 (en) * | 2011-08-10 | 2014-09-09 | Sony Corporation | System and method for using digital signatures to assign permissions |
CN102354356B (zh) * | 2011-09-29 | 2014-06-04 | 用友软件股份有限公司 | Data permission management apparatus and method |
-
2013
- 2013-06-24 US US13/925,703 patent/US9515832B2/en active Active
- 2013-09-21 BR BR112015031853A patent/BR112015031853A8/pt unknown
- 2013-09-21 JP JP2016521395A patent/JP6286034B2/ja active Active
- 2013-09-21 EP EP13771337.6A patent/EP3014511A1/en active Pending
- 2013-09-21 CN CN201380077757.4A patent/CN105408912B/zh active IP Right Grant
- 2013-09-21 WO PCT/US2013/061080 patent/WO2014209416A1/en active Application Filing
- 2013-09-21 RU RU2015155272A patent/RU2637878C2/ru active
Also Published As
Publication number | Publication date |
---|---|
JP2016527608A (ja) | 2016-09-08 |
BR112015031853A8 (pt) | 2019-12-31 |
CN105408912A (zh) | 2016-03-16 |
WO2014209416A1 (en) | 2014-12-31 |
US20140380058A1 (en) | 2014-12-25 |
EP3014511A1 (en) | 2016-05-04 |
RU2637878C2 (ru) | 2017-12-07 |
CN105408912B (zh) | 2018-09-14 |
US9515832B2 (en) | 2016-12-06 |
JP6286034B2 (ja) | 2018-02-28 |
RU2015155272A (ru) | 2017-07-28 |
Similar Documents
Publication | Title | Publication Date |
---|---|---|
AU2019268183A1 (en) | Fingerprint based authentication for single sign on | |
EP3591931A4 (en) | Authentication method, and authentication data processing method and device based on blockchain | |
IL249414D0 (en) | Analyzing facial recognition data and social network data for user authentication | |
BR112017016942A2 (pt) | Systems and methods for performing fingerprint-based user authentication using images captured using mobile devices | |
BR112017002747A2 (pt) | computer implemented method, and, computer system. | |
EE201800028A (et) | Plotchain based multiple identity control system and method | |
SG10201802554YA (en) | Blockchain-based digital identity management method | |
WO2015162072A3 (en) | Instant messaging systems and methods | |
WO2016060722A3 (en) | Homomorphic encryption in a healthcare network environment, system and methods | |
HK1252700A1 (zh) | Method and system for creating, verifying and managing identities | |
EP3346633A4 (en) | Permission information management system, user terminal, proprietor terminal, permission information management method, and permission information management program | |
WO2017106101A3 (en) | Techniques for metadata processing | |
HK1221795A1 (zh) | Identity authentication method, device, terminal and server | |
BR112016024453A2 (pt) | Secure transport of encrypted virtual machines with continuous owner access | |
EP3443706A4 (en) | System and methods for validating and performing operations on homomorphically encrypted data | |
MX2019002184A (es) | SYSTEM FOR DISTRIBUTED INTELLIGENT REMOTE DETECTION SYSTEMS. | |
AU2015200905B9 (en) | Method and system for providing an efficient vulnerability management and verification service | |
BR112015024562A2 (pt) | Method, apparatus and system for access authentication, and computer program | |
WO2014140807A3 (en) | Method, system, and device for generating, storing, using, and validating nfc tags and data | |
EP2706724A3 (en) | Systems and methods for secure file portability between mobile applications on a mobile device | |
WO2016049636A3 (en) | Remote server encrypted data provisioning system and methods | |
BR112016005604A8 (pt) | biometric feedback security and key generation | |
AR102007A1 (es) | System, computer-implemented method and authentication computing device for accessing resources based on challenges | |
BR112016026543A2 (pt) | Network functions virtualization network system, data processing method, and apparatus. | |
MX2015012646A (es) | VERIFICATION OF LOCATION OF MULTIPLE FACTORS. |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
B06U | Preliminary requirement: requests with searches performed by other patent offices: suspension of the patent application procedure |